[+ Mark R. since we looked at this together a little at ELC]
Catalin Marinas catalin.marinas@arm.com writes:
On Sun, Apr 27, 2014 at 08:44:12PM +0100, Larry Bassel wrote:
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 39ac630..eda7755 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S
[...]
@@ -421,28 +421,30 @@ el0_da: /* * Data abort handling */
- mrs x0, far_el1
- bic x0, x0, #(0xff << 56) disable_step x1 isb enable_dbg // enable interrupts before calling the main handler enable_irq
- mrs x0, far_el1
- bic x0, x0, #(0xff << 56) mov x1, x25 mov x2, sp
b do_mem_abort
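Review bot: In this el0_da hunk the `mrs x0, far_el1` / `bic x0, x0, #(0xff << 56)` pair is removed from before `disable_step`/`enable_dbg`/`enable_irq` and re-read after `enable_irq`, so FAR_EL1 is only sampled once debug exceptions and interrupts are live again; any exception taken in that window can overwrite FAR_EL1 and `do_mem_abort` would then receive the wrong fault address. Keep the `mrs` from `far_el1` as the first thing the handler does and stash the value in a register that none of the intervening macros (and the C calls behind them) clobber, then move it into x0 and apply the `bic` just before `mov x1, x25`.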
Reading the far_el1 after enable_dbg and enable_irq is racy; we can no longer guarantee its value in the original data abort context.
Catalin, can you confirm x26 would be a safe place to stash far_el1 and then restore it after ct_user_exit? Something like this (which seems to work for me):
el0_da:
	/*
	 * Data abort handling
	 */
	mrs	x26, far_el1		// stash FAR_EL1 before debug/IRQs are re-enabled
	disable_step x1
	isb
	enable_dbg
	// enable interrupts before calling the main handler
	enable_irq
	ct_user_exit
	mov	x0, x26			// recover the saved fault address
	bic	x0, x0, #(0xff << 56)
	mov	x1, x25
	mov	x2, sp
	adr	lr, ret_from_exception
	b	do_mem_abort
Kevin